secondsky/api-rate-limiting
plugins/api-rate-limiting/skills/api-rate-limiting/SKILL.md
Implements API rate limiting using token bucket, sliding window, and Redis-based algorithms to protect against abuse. Use when securing public APIs, implementing tiered access, or preventing denial-of-service attacks.
$ install --global
skillsauthnpx skillsauth add secondsky/claude-skills api-rate-limitingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 15, 2026, 4:26 AM11.2s1 file scanned
SKILL.md
- name:
- api-rate-limiting
- description:
- Implements API rate limiting using token bucket, sliding window, and Redis-based algorithms to protect against abuse. Use when securing public APIs, implementing tiered access, or preventing denial-of-service attacks.
- license:
- MIT
API Rate Limiting
Protect APIs from abuse using rate limiting algorithms with per-user and per-endpoint strategies.
Algorithms
| Algorithm | Pros | Cons | |-----------|------|------| | Token Bucket | Handles bursts, smooth | Memory per user | | Sliding Window | Accurate | Memory intensive | | Fixed Window | Simple | Boundary spikes |
Token Bucket (Node.js)
class TokenBucket {
constructor(capacity, refillRate) {
this.capacity = capacity;
this.tokens = capacity;
this.refillRate = refillRate; // tokens per second
this.lastRefill = Date.now();
}
consume() {
this.refill();
if (this.tokens >= 1) {
this.tokens--;
return true;
}
return false;
}
refill() {
const now = Date.now();
const elapsed = (now - this.lastRefill) / 1000;
this.tokens = Math.min(this.capacity, this.tokens + elapsed * this.refillRate);
this.lastRefill = now;
}
}
Express Middleware
const rateLimit = require('express-rate-limit');
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100,
standardHeaders: true,
message: { error: 'Too many requests, try again later' }
});
app.use('/api/', limiter);
Response Headers
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 45
X-RateLimit-Reset: 1705320000
Retry-After: 60
Tiered Limits
| Tier | Requests/Hour | |------|---------------| | Free | 100 | | Pro | 1,000 | | Enterprise | 10,000 |
Best Practices
- Use Redis for distributed rate limiting
- Include proper headers in responses
- Return 429 status with Retry-After
- Implement tiered limits for different plans
- Monitor rate limit metrics
- Test under load
Related Skills
secondsky/bun-runtime
tools
VerifiedTrustedCommunity
Use for Bun runtime, bunfig.toml, watch/hot modes, env vars, CLI flags, and module resolution.
144SKILL.mdUpdated May 15, 2026
secondsky/bun-redis
data-ai
VerifiedTrustedCommunity
Use when working with Redis in Bun (ioredis, Upstash), caching, pub/sub, session storage, or key-value operations.
144SKILL.mdUpdated May 15, 2026
secondsky/bun-react-ssr
development
VerifiedTrustedCommunity
Use when building server-rendered React with Bun, including streaming SSR, hydration, renderToString, or custom SSR without a framework.
144SKILL.mdUpdated May 15, 2026
secondsky/bun-package-manager
databases
VerifiedTrustedCommunity
Bun package manager commands (install, add, remove, update), workspaces, lockfiles, npm/yarn/pnpm migration. Use for dependency management with Bun.
144SKILL.mdUpdated May 15, 2026